Source hostname instead of source_ip

kmroz · February 28, 2017, 7:00pm

Hello, is there any way to have a source_hostname instead of source_ip. I am looking to monitor traffic data and it seems there is only a choice by IP but hostname would be more useful since we wouldn't have to keep track of every IP.

Thanks,
Kenny

jkuang · February 28, 2017, 7:24pm

Are you referring to the monitoring module that comes with X-Pack?

kmroz · February 28, 2017, 7:27pm

no packetbeat,

i would like to use hostnames instead of IP's

andrewkroh · March 1, 2017, 4:14pm

What hostname would you like to see? What protocols are you talking about here?

There is a reverse lookup filter in Logstash that can add hostnames to events.

kmroz · March 1, 2017, 4:27pm

how can this be done through logstash? is there a way to do this through elasticsearch as i am not sending any packetbeats to logstash.

andrewkroh · March 1, 2017, 4:35pm

You need Logstash for that. See https://www.elastic.co/guide/en/logstash/current/plugins-filters-dns.html

kmroz · March 1, 2017, 4:37pm

ok, ill give this a shot thanks!

system · March 29, 2017, 4:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to fetch IP address of using winlogbeat? Beats winlogbeat	9	3494	February 2, 2018
Name in place of IP Beats packetbeat	6	1180	October 24, 2019
How to match IP address to hostname without dns [Solved] Logstash	6	19286	July 6, 2017
Record originating IP of filebeats Logstash	4	2554	July 6, 2017
Logstash to ignore beat.hostname to set as host , and use logstash server hostname as o/p Logstash	1	479	December 15, 2016

Source hostname instead of source_ip

Related topics